Bug 27290 - S4C Traceback nach Löschen von GPO per MS/RSAT "Gruppenrichtlinienverwaltung"
S4C Traceback nach Löschen von GPO per MS/RSAT "Gruppenrichtlinienverwaltung"
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: S4 Connector
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-3-errata
Assigned To: Stefan Gohmann
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-25 15:02 CEST by Arvid Requate
Modified: 2014-09-10 17:41 CEST (History)
7 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2012-05-25 15:02:37 CEST
Eine Gruppenlinie wurde per MS/RSAT "Gruppenrichtlinienverwaltung" in Samba4 angelegt und erfolgreich nach OpenLDAP repliziert. Nachdem sie dann mit den Windows-Tool wieder gelöscht wurde erscheint folgender Traceback im connector-s4.log und der Reject ist permanent:

==========================================================================
21.05.2012 22:22:23,302 LDAP        (WARNING): lastKnownParent attribute for deleted object rdn="CN=User" was not set, so we must ignore the object
21.05.2012 22:22:23,302 LDAP        (WARNING): lastKnownParent attribute for deleted object rdn="CN=Machine" was not set, so we must ignore the object
21.05.2012 22:22:23,306 LDAP        (PROCESS): sync to ucs:   [         msGPO] [    delete] cn={4e12c941-6632-4aa8-97d7-874368319119},cn=policies,cn=system,dc=nos4,dc=local
21.05.2012 22:22:23,345 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
21.05.2012 22:22:23,345 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1291, in sync_to_ucs
    result = self.delete_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1202, in delete_in_ucs
    ucs_object.remove()
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 455, in remove
    return self._remove(remove_childs)
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 936, in _remove
    self.lo.delete(self.dn)
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 426, in delete
    raise univention.admin.uexceptions.ldapError, _err2str(msg)
ldapError: Operation not allowed on non-leaf: subordinate objects must be deleted first

21.05.2012 22:22:23,345 LDAP        (WARNING): sync to ucs was not successfull, save rejected
==========================================================================
Comment 1 Arvid Requate univentionstaff 2013-04-25 12:31:38 CEST
Originally reported for UCS@school 3.0, probably this is generic? Anyway, it needs to be adressed in the mainline univention-s4-connector code.
Comment 2 Janis Meybohm univentionstaff 2013-04-25 12:38:00 CEST
Occured on customer system (Ticket#: 2013042321001653), UCS 3.1-1

Looks like this comes together with bug26231 (because the DN does no longer exist in AD?)

21.04.2013 06:25:18,656 LDAP        (PROCESS): sync to ucs: Resync rejected dn: CN={9D4B2ED5-C5EE-46D4-9C30-AA73CB0260E4},CN=Policies,CN=System,DC=customer,DC=local
21.04.2013 06:25:18,664 LDAP        (PROCESS): sync to ucs:   [         msGPO] [    delete] cn={9d4b2ed5-c5ee-46d4-9c30-aa73cb0260e4},cn=policies,cn=system,dc=customer,dc=local
21.04.2013 06:25:18,670 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
21.04.2013 06:25:18,671 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1303, in sync_to_ucs
    result = self.delete_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1211, in delete_in_ucs
    ucs_object.remove()
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 455, in remove
    return self._remove(remove_childs)
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 941, in _remove
    self.lo.delete(self.dn)
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 453, in delete
    raise univention.admin.uexceptions.ldapError, _err2str(msg)
ldapError: Operation not allowed on non-leaf: subordinate objects must be deleted first

21.04.2013 06:25:18,671 LDAP        (PROCESS): sync to ucs: Resync rejected dn: CN=User,CN={29D9D13B-EB25-4057-B44A-53F52B70B329},CN=Policies,CN=System,DC=customer,DC=local
21.04.2013 06:25:18,676 LDAP        (WARNING): lastKnownParent attribute for deleted object rdn="CN=User" was not set, so we must ignore the object
21.04.2013 06:25:18,677 LDAP        (ERROR  ): unexpected Error during s4.resync_rejected
21.04.2013 06:25:18,677 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 1951, in resync_rejected
    mapped_object = self._object_mapping(property_key,object)
  File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1561, in _object_mapping
    if object.has_key(dntype):
AttributeError: 'NoneType' object has no attribute 'has_key'
Comment 3 Moritz Muehlenhoff univentionstaff 2013-05-31 10:46:36 CEST
We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2.

As such, this bug is moved to the new target milestone.
Comment 4 Jan Christoph Ebersbach univentionstaff 2013-07-02 15:15:38 CEST
This issue was also reported at Ticket #2012051421002599.
Comment 5 Felix Botner univentionstaff 2013-07-18 11:37:19 CEST
This issue was also reported at Ticket #201307083026660
Comment 6 Tim Petersen univentionstaff 2013-12-02 11:25:35 CET
Reported again at Ticket #2013112821003058
Comment 7 Tim Petersen univentionstaff 2014-05-09 07:11:48 CEST
Reported again at 2014050821006709
Comment 8 Tim Petersen univentionstaff 2014-06-27 07:15:01 CEST
Again at #2014062621000438
Comment 9 Tim Petersen univentionstaff 2014-09-04 08:14:44 CEST
Again at 2014090421000091
Comment 10 Stefan Gohmann univentionstaff 2014-09-04 09:00:06 CEST
Maybe we could add con_subtree_delete_objects in the gpo mapping.
Comment 11 Stefan Gohmann univentionstaff 2014-09-04 10:38:50 CEST
(In reply to Stefan Gohmann from comment #10)
> Maybe we could add con_subtree_delete_objects in the gpo mapping.

No, that's the other way.

There was already a handling for non-leaf UDM objects but it was broken. Fixed with:
 UCS 3.2-3: r53344
 UCS 4.0-0: r53346
 YAML: r53352

I've also added a basic test case for the GPO synchronization:
 UCS 3.2-3: r53347 + r53349
 UCS 4.0-0: r53348
Comment 12 Felix Botner univentionstaff 2014-09-08 12:23:31 CEST
FAIL - merge test script to 4.0

OK - deleting GPO objects
OK - Test
OK - YAML
Comment 13 Stefan Gohmann univentionstaff 2014-09-08 21:20:50 CEST
(In reply to Felix Botner from comment #12)
> FAIL - merge test script to 4.0

Added missing file: r53456
Comment 14 Felix Botner univentionstaff 2014-09-09 09:38:04 CEST
OK
Comment 15 Janek Walkenhorst univentionstaff 2014-09-10 17:41:18 CEST
http://errata.univention.de/ucs/3.2/199.html